Cyber security was thrust into the spotlight when a ransomware attack on an NHS IT provider threatened to disrupt digital services such as patient check-ins and NHS 111.
A ransomware attack is where hackers take control of IT systems to steal data and demand payment from their victims to recover it.
The firm at the centre of the attack refused to confirm whether it had negotiated with the hackers or paid a ransom. However, it did indicate it would take up to four weeks to recover.
The incident is a clear example of the potential damage and chaos that a cyber-attack can inflict and highlights the magnitude of cyber security.
THIS – at the vanguard of cyber security
The Health Informatics Service (THIS) is at the vanguard of cyber security for its host trust, the Calderdale and Huddersfield NHS Foundation Trust (CHFT) and 59 clients across the healthcare sector.
Its Cyber Security Team helps to protect approximately 15,000 devices used by 19,000 people working within CHFT and a spectrum of clients ranging from prison healthcare service providers to GPs’ surgeries.
THIS is the only NHS informatics service to hold three ISO standards relating to cyber security and data protection: ISO 27001 Information Security Management, 9001 Cyber Management and 20000-1 Information Technology Service Management. It is compliant with the NHS Digital/NHS England Data Security and Protection Toolkit (DSPT) and its cyber security training is NHS Digital/NHS England mandated.
In one two-month period, CHFT was the target of 46,600 phishing emails and 34,600 spam emails that resulted in 1,658 malicious websites being blocked, and the thwarting of 1,432 malware attacks.
Building up a security posture
How much protection a healthcare organisation requires depends on the amount and type of data it handles, particularly if it includes patient data.
Paul Glover, of THIS’ Cyber Security Team, recommends the National Cyber Security Centre (NCSC) 10 steps to cyber security as a good starting point. It includes advice on the management of risks, assets, vulnerability, identity and systems access, training and data security.
He says: “Acquiring a good security posture doesn't mean your organisation is completely impenetrable from a cyber-attack. It means the impact is likely to be less than if you'd done nothing.
“The other part of the equation is understanding that if, or when, you are attacked what is your response will be? How are you going to keep running your organisation while it’s suffering from a cyber-attack?”
Back-up plan and incident response
Malware is evolving constantly. Paul Glover likens it to different variants of a virus and how symptoms can change with different mutations.
He says: “What the virus creators do now is create it so that it changes every time it infects a PC. We use next generation antivirus software that looks at the behaviours of the malware instead of looking at the signature.
“Modern antivirus firewalls, intrusion prevention systems, antivirus web security and email security help us to stay ahead of the game.”
Backing up data is an important step to keep it safe, as is having an incident response strategy to be as well prepared as possible.
Recognising the threat and where it comes from…
A common perception of a cyber security attack is one of the hackers breaking through firewalls. But sometimes the threat can come from close to home.
Paul Glover: “There is a threat that comes from inside an organisation. NHS staff have access to some critical information. Someone could sell data or leak it to the internet. But it can happen unwittingly. Social engineering (the term used for a range of malicious activities that trick system users into making security mistakes or giving away sensitive information) is another big risk.”
Providing protection against cyber sabotage